Rootkit question

My computer was recently hit with the SKYNET/Rootkit-Pakes.L infection and I used it as a motivator to do a fresh install of Vista. My laptop has a partition and the D: drive is where all of my data/pictures/videos are, while the C: is the OS and my applications. When I reinstalled Vista, the recovery formatted C: but left D: untouched and so my data there was preserved. My question is this: need I worry about the infection being still hidden amongst my files on the D: drive? Furthermore, I made a backup copy of my "Documents" folder (which was on C:) which contained some odds and ends like Word documents, Photoshop psd files, etc. after the infection appeared. Might they too be infected?

P.S. Thanks to all the mods on this forum. I've followed other threads to gain an understanding of what happened to my PC and I appreciate the education as well as the effort you lot put into helping everyone. Cheers.

I have, however, tried to run Root Repeal as well (a paranoid precaution perhaps seeing as I've reinstalled Vista) and every time I start it scanning I get the "Could not read system registry! please contact the author!" message I've seen others mention on this forum. Should I be concerned?

What version of RootRepeal are you using? You should be using v1.3.5. If you are getting the error on the most current version, the tool's developer is already aware and looking into the issue but no fix is available yet.

When backing up data due to infection, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s) so be sure you look closely at the full file name. Then make sure you scan the files with your anti-virus prior to copying them back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk.

Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
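
The extension rules from the reply above, written as a pre-backup check. This is an added example, not part of the original thread: the function names and the sample folder are constructed for illustration, and .rar/.cab files are only flagged for manual review because Python's standard library cannot open them.

```python
import tempfile
import zipfile
from pathlib import Path

# Extensions the reply above says not to back up (archives are handled separately).
RISKY = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp", ".xml"}
ARCHIVES = {".zip", ".rar", ".cab"}
EXECUTABLE = {".exe", ".scr"}

def classify(path):
    """Return a reason to leave the file out of the backup, or None to keep it."""
    parts = path.name.lower().rsplit(".", 2)  # "a.jpg.exe" -> ["a", "jpg", "exe"]
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in RISKY:
        # A harmless-looking extension in front of the real one is the disguise.
        if len(parts) == 3 and parts[1].isalpha() and len(parts[1]) <= 4:
            return f"disguised double extension (.{parts[1]}{ext})"
        return f"risky extension ({ext})"
    if ext == ".zip" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            inner = [n for n in zf.namelist() if Path(n).suffix.lower() in EXECUTABLE]
        return f"archive contains executables ({', '.join(inner)})" if inner else None
    if ext in ARCHIVES:
        # .rar/.cab, or a damaged .zip, cannot be listed here.
        return f"archive needs manual inspection ({ext})"
    return None

def audit(root):
    """Map each flagged file (path relative to root) to the reason it was flagged."""
    report = {}
    for full in sorted(Path(root).rglob("*")):
        reason = classify(full) if full.is_file() else None
        if reason:
            report[full.relative_to(root).as_posix()] = reason
    return report

def demo():
    """Build a constructed sample backup folder and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("letter.doc", "holiday.jpg.exe", "saver.scr", "Pics/cat.psd"):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(b"constructed sample")
        for zname, member in (("clean.zip", "notes.txt"), ("tools.zip", "bin/Run.EXE")):
            with zipfile.ZipFile(root / zname, "w") as zf:
                zf.writestr(member, "constructed sample")
        return audit(root)

if __name__ == "__main__":
    for path, reason in demo().items():
        print(f"SKIP {path}: {reason}")
```

The check looks at file names only, so files that pass it still need the anti-virus scan before being copied back to the hard drive.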